PTF Archives - Page 13 of 44

IBM i PTF Guide, Volume 25, Number 10

March 13, 2023 Doug Bidwell

Here is what is new this week: Fixes. To be specific: Long Term Support release: 9.2.0.10 client install image for IBM MQ on IBM i release level: 9.2.0.10-IBM-MQC-IBM_i. IBM MQ is also known as WebSphere MQ also known as MQ Series, and it is the message queuing middleware that Big Blue has been selling since 1993. Yup, that is 30 years ago, and this tool is one of the foundations of the microservices movement. It is Kafka-esque. Or, more precisely, Kafka is MQ-esque.

Anyway, here is the rundown of PTF Groups by IBM i release level since we last …
Read more
IBM i PTF Guide, Volume 25, Number 9

March 6, 2023 Doug Bidwell

We are still playing catch up and will be back in synch soon. We wanted to remind you about an important bug issue, which is ADMIN4 Job Terminates Suddenly When A User Profile Without *ALLOBJ and *IOSYSCFG Authority Accesses the IBM Web Administration GUI, which you can look at here.

This issue is introduced after applying the following IBM i HTTP Group PTF levels:
- IBM i 7.5: SF99952 level 5
- IBM i 7.4: SF99662 level 25
- IBM i 7.3: SF99722 level 42
Download and apply the following 5770-SS1 PTF to prevent the ADMIN4 job from ending suddenly. The PTF …
Read more
IBM i PTF Guide, Volume 25, Number 8

February 27, 2023 Doug Bidwell

We are playing catch up a bit here at the IBM i PTF Guide, and apologies for that but it goes that way sometime. There are a bunch of security vulnerabilities that you need to be aware of, including one that covers systems software not from IBM, as we usually track, but file transfer software from Forta (formerly known as HelpSystems). We are going to be keeping a closer eye on third party software security bulletins going forward.

So first, we have CVE-2023-0669, which explains that GoAnywhere MFT from Fortra (formerly HelpSystems) suffers from a pre-authentication command injection …
Read more
IBM i PTF Guide, Volume 25, Number 7

February 13, 2023 Doug Bidwell

This week brought more security vulnerabilities in the airspace above us, and also around the world with weird sightings in the United States, Canada, China, and Russia. Now we have security vulnerabilities in open source code that is part of the IBM i stack.

First, we have a Security Bulletin. IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to bypassing security restrictions, denial of service attacks, and data integrity impacts due to multiple vulnerabilities, which you can find out more about at this link. There are fixes as shown below by IBM i release and …
Read more
IBM i PTF Guide, Volume 25, Number 6

February 6, 2023 Doug Bidwell

American airspace had a new security vulnerability last week in the form of a Chinese balloon loaded with who knows what, and here are the new security vulnerabilities you need to worry about for the IBM i platform. There are three new ones that you need to shoot down over the ocean, just like US Air Force did with that “surveillance” balloon after it traversed the heartland of the country from Montana to South Carolina.

First, we have Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2023-23477), which you can find out more about …
Read more
IBM i PTF Guide, Volume 25, Number 5

January 30, 2023 Doug Bidwell

Here’s a question for you: Are you using encryption to download software fixes from IBM? You may not know, and worse yet, you may not know how to figure that out. This is important because as we warned you last fall, IBM’s Electronic Fix Distribution and Fix Central systems will end support for unencrypted fix downloads starting on February 15 of this year.

That gives you two weeks and a day to figure it out. And this document from IBM helps you figure it out and tells you what to do.

Aside from this, it has been pretty quiet in …
Read more
IBM i PTF Guide, Volume 25, Number 4

January 23, 2023 Doug Bidwell

Here are some reminders to start off the IBM i PTF Guide this week.

First, there are new releases for Access Client Solutions and the ODBC database driver. (See ACS_NAV in the Guide for the links.) The funny bit – funny odd, not funny hilarious – is that version 26 of ACS did not allow companies to create a database source for ODBC, which is serious shortcoming. Now, there is a new version 27 that will let you do it. Here is the updated software:
```
Description				   Version
IBM i Access Client Solutions (1.1.9.1)	   1.1.9.1
ACS Windows App Pkg English (64bit)	   
```
…
Read more
IBM i PTF Guide, Volume 25, Number 3

January 16, 2023 Doug Bidwell

Last week was pretty quiet in PTF Land, as many of you might have expected. And considering that we were dealing with the Log4J vulnerability nonsense this time last year, we will take that as a bonus and just have Volume 24, Number 2, of the IBM i PTF Guide as a placeholder of sorts. This week is a bit more interesting, but nothing too big as yet. We have another 49 weeks in the year, so no hurry.

Just a reminder to read and heed: IBM Electronic Fix Distribution / IBM Fix Central systems will end support for unencrypted …
Read more
IBM i PTF Guide, Volume 25, Number 1

January 11, 2023 Doug Bidwell

The New Year is always marked with celebration, but this year we also celebrate 25 years of the PTF Guide! The best way I can think of for you to celebrate is to make sure you are up to date on your PTF work.

We start off 2023 with a series of Security Bulletins. First up, IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities. Get the details HERE.
```
IBM i Release		5770DG1 IBM HTTP Server for i Group PTF
7.5				SF99952 - 05
7.4				SF99662 - 
```
…
Read more
IBM i PTF Guide, Volume 24, Number 50

December 12, 2022 Doug Bidwell

It is another week of interesting security vulnerabilities in the IBM i world, so brace yourself for some research and patching. There are a slew of vulnerabilities that affect the Hardware Management Console for Power Systems, which means any of you IBM i shops that are using relatively large Power machines. There are five new ones, above and beyond the ones we have covered in recent weeks.

First, there is Security Bulletin: Vulnerability in Bind (CVE-2021-25219) affects Power HMC, which you can read about here.
```
Affected Product(s)	Version(s)
HMC V10.1.1010.0	V10.1.1010.0 and later
HMC V9.2.950.0		V9.2.950.0 and later
Product		
```
…
Read more

Previous Articles Next Articles

Content archive

Recent Posts

Subscribe

Pages

Search